2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/session/application_namespace.h>
17 #include <vnet/session/application_interface.h>
18 #include <vnet/session/application.h>
19 #include <vnet/session/session.h>
20 #include <vnet/session/session_rules_table.h>
22 #define SESSION_TEST_I(_cond, _comment, _args...) \
24 int _evald = (_cond); \
26 fformat(stderr, "FAIL:%d: " _comment "\n", \
29 fformat(stderr, "PASS:%d: " _comment "\n", \
35 #define SESSION_TEST(_cond, _comment, _args...) \
37 if (!SESSION_TEST_I(_cond, _comment, ##_args)) { \
43 dummy_session_reset_callback (stream_session_t * s)
45 clib_warning ("called...");
49 dummy_session_connected_callback (u32 app_index, u32 api_context,
50 stream_session_t * s, u8 is_fail)
52 clib_warning ("called...");
57 dummy_add_segment_callback (u32 client_index, const u8 * seg_name,
60 clib_warning ("called...");
65 dummy_redirect_connect_callback (u32 client_index, void *mp)
67 return VNET_API_ERROR_SESSION_REDIRECT;
71 dummy_session_disconnect_callback (stream_session_t * s)
73 clib_warning ("called...");
77 dummy_session_accept_callback (stream_session_t * s)
79 clib_warning ("called...");
84 dummy_server_rx_callback (stream_session_t * s)
86 clib_warning ("called...");
91 static session_cb_vft_t dummy_session_cbs = {
92 .session_reset_callback = dummy_session_reset_callback,
93 .session_connected_callback = dummy_session_connected_callback,
94 .session_accept_callback = dummy_session_accept_callback,
95 .session_disconnect_callback = dummy_session_disconnect_callback,
96 .builtin_server_rx_callback = dummy_server_rx_callback,
97 .redirect_connect_callback = dummy_redirect_connect_callback,
102 session_test_basic (vlib_main_t * vm, unformat_input_t * input)
104 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
105 u64 options[APP_OPTIONS_N_OPTIONS], bind4_handle, bind6_handle;
106 u8 segment_name[128];
107 clib_error_t *error = 0;
110 memset (options, 0, sizeof (options));
111 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
112 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
113 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
114 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
115 vnet_app_attach_args_t attach_args = {
116 .api_client_index = ~0,
119 .session_cb_vft = &dummy_session_cbs,
120 .segment_name = segment_name,
123 error = vnet_application_attach (&attach_args);
124 SESSION_TEST ((error == 0), "app attached");
125 server_index = attach_args.app_index;
127 server_sep.is_ip4 = 1;
128 vnet_bind_args_t bind_args = {
133 bind_args.app_index = server_index;
134 error = vnet_bind (&bind_args);
135 SESSION_TEST ((error == 0), "server bind4 should work");
136 bind4_handle = bind_args.handle;
138 error = vnet_bind (&bind_args);
139 SESSION_TEST ((error != 0), "double server bind4 should not work");
141 bind_args.sep.is_ip4 = 0;
142 error = vnet_bind (&bind_args);
143 SESSION_TEST ((error == 0), "server bind6 should work");
144 bind6_handle = bind_args.handle;
146 error = vnet_bind (&bind_args);
147 SESSION_TEST ((error != 0), "double server bind6 should not work");
149 vnet_unbind_args_t unbind_args = {
150 .handle = bind4_handle,
151 .app_index = server_index,
153 error = vnet_unbind (&unbind_args);
154 SESSION_TEST ((error == 0), "unbind4 should work");
156 unbind_args.handle = bind6_handle;
157 error = vnet_unbind (&unbind_args);
158 SESSION_TEST ((error == 0), "unbind6 should work");
160 vnet_app_detach_args_t detach_args = {
161 .app_index = server_index,
163 vnet_application_detach (&detach_args);
168 session_test_namespace (vlib_main_t * vm, unformat_input_t * input)
170 u64 options[APP_OPTIONS_N_OPTIONS], dummy_secret = 1234;
171 u32 server_index, server_st_index, server_local_st_index;
172 u32 dummy_port = 1234, local_listener, client_index;
173 u32 dummy_api_context = 4321, dummy_client_api_index = 1234;
174 u32 dummy_server_api_index = ~0, sw_if_index = 0;
175 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
176 session_endpoint_t client_sep = SESSION_ENDPOINT_NULL;
177 session_endpoint_t intf_sep = SESSION_ENDPOINT_NULL;
178 clib_error_t *error = 0;
179 u8 *ns_id = format (0, "appns1"), intf_mac[6];
180 app_namespace_t *app_ns;
181 u8 segment_name[128];
182 application_t *server;
186 server_sep.is_ip4 = 1;
187 server_sep.port = dummy_port;
188 client_sep.is_ip4 = 1;
189 client_sep.port = dummy_port;
190 memset (options, 0, sizeof (options));
191 memset (intf_mac, 0, sizeof (intf_mac));
193 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
194 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
195 vnet_app_attach_args_t attach_args = {
196 .api_client_index = ~0,
199 .session_cb_vft = &dummy_session_cbs,
200 .segment_name = segment_name,
203 vnet_bind_args_t bind_args = {
208 vnet_connect_args_t connect_args = {
214 vnet_unbind_args_t unbind_args = {
215 .handle = bind_args.handle,
219 vnet_app_detach_args_t detach_args = {
223 ip4_address_t intf_addr = {
224 .as_u32 = clib_host_to_net_u32 (0x06000105),
227 intf_sep.ip.ip4 = intf_addr;
229 intf_sep.port = dummy_port;
232 * Insert namespace and lookup
235 vnet_app_namespace_add_del_args_t ns_args = {
237 .secret = dummy_secret,
238 .sw_if_index = APP_NAMESPACE_INVALID_INDEX,
241 error = vnet_app_namespace_add_del (&ns_args);
242 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
243 clib_error_get_code (error));
245 app_ns = app_namespace_get_from_id (ns_id);
246 SESSION_TEST ((app_ns != 0), "should find ns %v status", ns_id);
247 SESSION_TEST ((app_ns->ns_secret == dummy_secret), "secret should be %d",
249 SESSION_TEST ((app_ns->sw_if_index == APP_NAMESPACE_INVALID_INDEX),
250 "sw_if_index should be invalid");
253 * Try application attach with wrong secret
256 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
257 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
258 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret - 1;
259 attach_args.namespace_id = ns_id;
260 attach_args.api_client_index = dummy_server_api_index;
262 error = vnet_application_attach (&attach_args);
263 SESSION_TEST ((error != 0), "app attachment should fail");
264 code = clib_error_get_code (error);
265 SESSION_TEST ((code == VNET_API_ERROR_APP_WRONG_NS_SECRET),
266 "code should be wrong ns secret: %d", code);
269 * Attach server with global default scope
271 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
272 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
273 options[APP_OPTIONS_NAMESPACE_SECRET] = 0;
274 attach_args.namespace_id = 0;
275 attach_args.api_client_index = dummy_server_api_index;
276 error = vnet_application_attach (&attach_args);
277 SESSION_TEST ((error == 0), "server attachment should work");
278 server_index = attach_args.app_index;
279 server = application_get (server_index);
280 SESSION_TEST ((server->ns_index == 0),
281 "server should be in the default ns");
283 bind_args.app_index = server_index;
284 error = vnet_bind (&bind_args);
285 SESSION_TEST ((error == 0), "server bind should work");
287 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
288 s = session_lookup_listener (server_st_index, &server_sep);
289 SESSION_TEST ((s != 0), "listener should exist in global table");
290 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
292 server_local_st_index = application_local_session_table (server);
293 SESSION_TEST ((server_local_st_index == APP_INVALID_INDEX),
294 "server shouldn't have access to local table");
296 unbind_args.app_index = server_index;
297 unbind_args.handle = bind_args.handle;
298 error = vnet_unbind (&unbind_args);
299 SESSION_TEST ((error == 0), "unbind should work");
301 s = session_lookup_listener (server_st_index, &server_sep);
302 SESSION_TEST ((s == 0), "listener should not exist in global table");
304 detach_args.app_index = server_index;
305 vnet_application_detach (&detach_args);
308 * Attach server with local and global scope
310 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
311 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
312 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret;
313 attach_args.namespace_id = ns_id;
314 attach_args.api_client_index = dummy_server_api_index;
315 error = vnet_application_attach (&attach_args);
316 SESSION_TEST ((error == 0), "server attachment should work");
317 server_index = attach_args.app_index;
318 server = application_get (server_index);
319 SESSION_TEST ((server->ns_index == app_namespace_index (app_ns)),
320 "server should be in the right ns");
322 bind_args.app_index = server_index;
323 error = vnet_bind (&bind_args);
324 SESSION_TEST ((error == 0), "bind should work");
325 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
326 s = session_lookup_listener (server_st_index, &server_sep);
327 SESSION_TEST ((s != 0), "listener should exist in global table");
328 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
330 server_local_st_index = application_local_session_table (server);
332 session_lookup_local_endpoint (server_local_st_index, &server_sep);
333 SESSION_TEST ((local_listener != SESSION_INVALID_INDEX),
334 "listener should exist in local table");
337 * Try client connect with 1) local scope 2) global scope
339 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
340 attach_args.api_client_index = dummy_client_api_index;
341 error = vnet_application_attach (&attach_args);
342 SESSION_TEST ((error == 0), "client attachment should work");
343 client_index = attach_args.app_index;
344 connect_args.api_context = dummy_api_context;
345 connect_args.app_index = client_index;
346 error = vnet_connect (&connect_args);
347 SESSION_TEST ((error != 0), "client connect should return error code");
348 code = clib_error_get_code (error);
349 SESSION_TEST ((code == VNET_API_ERROR_INVALID_VALUE),
350 "error code should be invalid value (zero ip)");
351 connect_args.sep.ip.ip4.as_u8[0] = 127;
352 error = vnet_connect (&connect_args);
353 SESSION_TEST ((error != 0), "client connect should return error code");
354 code = clib_error_get_code (error);
355 SESSION_TEST ((code == VNET_API_ERROR_SESSION_REDIRECT),
356 "error code should be redirect");
357 detach_args.app_index = client_index;
358 vnet_application_detach (&detach_args);
360 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
361 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
362 attach_args.api_client_index = dummy_client_api_index;
363 error = vnet_application_attach (&attach_args);
364 SESSION_TEST ((error == 0), "client attachment should work");
365 error = vnet_connect (&connect_args);
366 SESSION_TEST ((error != 0), "client connect should return error code");
367 code = clib_error_get_code (error);
368 SESSION_TEST ((code == VNET_API_ERROR_SESSION_CONNECT),
369 "error code should be connect (nothing in local scope)");
370 detach_args.app_index = client_index;
371 vnet_application_detach (&detach_args);
374 * Unbind and detach server and then re-attach with local scope only
376 unbind_args.handle = bind_args.handle;
377 unbind_args.app_index = server_index;
378 error = vnet_unbind (&unbind_args);
379 SESSION_TEST ((error == 0), "unbind should work");
381 s = session_lookup_listener (server_st_index, &server_sep);
382 SESSION_TEST ((s == 0), "listener should not exist in global table");
384 session_lookup_local_endpoint (server_local_st_index, &server_sep);
385 SESSION_TEST ((s == 0), "listener should not exist in local table");
387 detach_args.app_index = server_index;
388 vnet_application_detach (&detach_args);
390 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
391 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
392 attach_args.api_client_index = dummy_server_api_index;
393 error = vnet_application_attach (&attach_args);
394 SESSION_TEST ((error == 0), "app attachment should work");
395 server_index = attach_args.app_index;
396 server = application_get (server_index);
397 SESSION_TEST ((server->ns_index == app_namespace_index (app_ns)),
398 "app should be in the right ns");
400 bind_args.app_index = server_index;
401 error = vnet_bind (&bind_args);
402 SESSION_TEST ((error == 0), "bind should work");
404 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
405 s = session_lookup_listener (server_st_index, &server_sep);
406 SESSION_TEST ((s == 0), "listener should not exist in global table");
407 server_local_st_index = application_local_session_table (server);
409 session_lookup_local_endpoint (server_local_st_index, &server_sep);
410 SESSION_TEST ((local_listener != SESSION_INVALID_INDEX),
411 "listener should exist in local table");
413 unbind_args.handle = bind_args.handle;
414 error = vnet_unbind (&unbind_args);
415 SESSION_TEST ((error == 0), "unbind should work");
418 session_lookup_local_endpoint (server_local_st_index, &server_sep);
419 SESSION_TEST ((local_listener == SESSION_INVALID_INDEX),
420 "listener should not exist in local table");
423 * Client attach + connect in default ns with local scope
425 options[APP_OPTIONS_FLAGS] &= ~APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
426 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
427 attach_args.namespace_id = 0;
428 attach_args.api_client_index = dummy_client_api_index;
429 vnet_application_attach (&attach_args);
430 error = vnet_connect (&connect_args);
431 SESSION_TEST ((error != 0), "client connect should return error code");
432 code = clib_error_get_code (error);
433 SESSION_TEST ((code == VNET_API_ERROR_SESSION_CONNECT),
434 "error code should be connect (not in same ns)");
435 detach_args.app_index = client_index;
436 vnet_application_detach (&detach_args);
441 detach_args.app_index = server_index;
442 vnet_application_detach (&detach_args);
445 * Create loopback interface
447 if (vnet_create_loopback_interface (&sw_if_index, intf_mac, 0, 0))
449 clib_warning ("couldn't create loopback. stopping the test!");
452 vnet_sw_interface_set_flags (vnet_get_main (), sw_if_index,
453 VNET_SW_INTERFACE_FLAG_ADMIN_UP);
454 ip4_add_del_interface_address (vlib_get_main (), sw_if_index, &intf_addr,
460 ns_args.sw_if_index = sw_if_index;
461 error = vnet_app_namespace_add_del (&ns_args);
462 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
463 clib_error_get_code (error));
466 * Attach server with local and global scope
468 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
469 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
470 options[APP_OPTIONS_NAMESPACE_SECRET] = dummy_secret;
471 attach_args.namespace_id = ns_id;
472 attach_args.api_client_index = dummy_server_api_index;
473 error = vnet_application_attach (&attach_args);
474 SESSION_TEST ((error == 0), "server attachment should work");
475 server_index = attach_args.app_index;
477 bind_args.app_index = server_index;
478 error = vnet_bind (&bind_args);
479 server_st_index = application_session_table (server, FIB_PROTOCOL_IP4);
480 s = session_lookup_listener (server_st_index, &server_sep);
481 SESSION_TEST ((s == 0), "zero listener should not exist in global table");
483 s = session_lookup_listener (server_st_index, &intf_sep);
484 SESSION_TEST ((s != 0), "intf listener should exist in global table");
485 SESSION_TEST ((s->app_index == server_index), "app_index should be that of "
487 server_local_st_index = application_local_session_table (server);
489 session_lookup_local_endpoint (server_local_st_index, &server_sep);
490 SESSION_TEST ((local_listener != SESSION_INVALID_INDEX),
491 "zero listener should exist in local table");
492 detach_args.app_index = server_index;
493 vnet_application_detach (&detach_args);
499 /* fails in multi core scenarions .. */
500 /* vnet_delete_loopback_interface (sw_if_index); */
505 session_test_rule_table (vlib_main_t * vm, unformat_input_t * input)
507 session_rules_table_t _srt, *srt = &_srt;
508 u16 lcl_port = 1234, rmt_port = 4321;
509 u32 action_index = 1, res;
510 ip4_address_t lcl_lkup, rmt_lkup;
514 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
516 if (unformat (input, "verbose"))
520 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
526 memset (srt, 0, sizeof (*srt));
527 session_rules_table_init (srt);
529 ip4_address_t lcl_ip = {
530 .as_u32 = clib_host_to_net_u32 (0x01020304),
532 ip4_address_t rmt_ip = {
533 .as_u32 = clib_host_to_net_u32 (0x05060708),
535 ip4_address_t lcl_ip2 = {
536 .as_u32 = clib_host_to_net_u32 (0x02020202),
538 ip4_address_t rmt_ip2 = {
539 .as_u32 = clib_host_to_net_u32 (0x06060606),
541 ip4_address_t lcl_ip3 = {
542 .as_u32 = clib_host_to_net_u32 (0x03030303),
544 ip4_address_t rmt_ip3 = {
545 .as_u32 = clib_host_to_net_u32 (0x07070707),
547 fib_prefix_t lcl_pref = {
548 .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
550 .fp_proto = FIB_PROTOCOL_IP4,
552 fib_prefix_t rmt_pref = {
553 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
555 .fp_proto = FIB_PROTOCOL_IP4,
558 session_rule_table_add_del_args_t args = {
561 .lcl_port = lcl_port,
562 .rmt_port = rmt_port,
563 .action_index = action_index++,
566 error = session_rules_table_add_del (srt, &args);
567 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
571 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
572 SESSION_TEST ((res == 1),
573 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 1: %d",
577 * Add 1.2.3.4/24 1234 5.6.7.8/16 4321 and 1.2.3.4/24 1234 5.6.7.8/24 4321
579 args.lcl.fp_addr.ip4 = lcl_ip;
580 args.lcl.fp_len = 24;
581 args.action_index = action_index++;
582 error = session_rules_table_add_del (srt, &args);
583 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/16 4321 action %d",
585 args.rmt.fp_addr.ip4 = rmt_ip;
586 args.rmt.fp_len = 24;
587 args.action_index = action_index++;
588 error = session_rules_table_add_del (srt, &args);
589 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/24 4321 action %d",
593 * Add 2.2.2.2/24 1234 6.6.6.6/16 4321 and 3.3.3.3/24 1234 7.7.7.7/16 4321
595 args.lcl.fp_addr.ip4 = lcl_ip2;
596 args.lcl.fp_len = 24;
597 args.rmt.fp_addr.ip4 = rmt_ip2;
598 args.rmt.fp_len = 16;
599 args.action_index = action_index++;
600 error = session_rules_table_add_del (srt, &args);
601 SESSION_TEST ((error == 0), "Add 2.2.2.2/24 1234 6.6.6.6/16 4321 action %d",
603 args.lcl.fp_addr.ip4 = lcl_ip3;
604 args.rmt.fp_addr.ip4 = rmt_ip3;
605 args.action_index = action_index++;
606 error = session_rules_table_add_del (srt, &args);
607 SESSION_TEST ((error == 0), "Add 3.3.3.3/24 1234 7.7.7.7/16 4321 action %d",
611 * Add again 3.3.3.3/24 1234 7.7.7.7/16 4321
613 args.lcl.fp_addr.ip4 = lcl_ip3;
614 args.rmt.fp_addr.ip4 = rmt_ip3;
615 args.action_index = action_index++;
616 error = session_rules_table_add_del (srt, &args);
617 SESSION_TEST ((error == 0), "overwrite 3.3.3.3/24 1234 7.7.7.7/16 4321 "
618 "action %d", action_index - 1);
621 * Lookup 1.2.3.4/32 1234 5.6.7.8/32 4321, 1.2.2.4/32 1234 5.6.7.9/32 4321
622 * and 3.3.3.3 1234 7.7.7.7 4321
625 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
626 SESSION_TEST ((res == 3),
627 "Lookup 1.2.3.4 1234 5.6.7.8 4321 action " "should be 3: %d",
630 lcl_lkup.as_u32 = clib_host_to_net_u32 (0x01020204);
631 rmt_lkup.as_u32 = clib_host_to_net_u32 (0x05060709);
633 session_rules_table_lookup4 (srt, &lcl_lkup,
634 &rmt_lkup, lcl_port, rmt_port);
635 SESSION_TEST ((res == 1),
636 "Lookup 1.2.2.4 1234 5.6.7.9 4321, action " "should be 1: %d",
640 session_rules_table_lookup4 (srt, &lcl_ip3, &rmt_ip3, lcl_port, rmt_port);
641 SESSION_TEST ((res == 6),
642 "Lookup 3.3.3.3 1234 7.7.7.7 4321, action "
643 "should be 6 (updated): %d", res);
646 * Add 1.2.3.4/24 * 5.6.7.8/24 *
647 * Lookup 1.2.3.4 1234 5.6.7.8 4321 and 1.2.3.4 1235 5.6.7.8 4321
649 args.lcl.fp_addr.ip4 = lcl_ip;
650 args.rmt.fp_addr.ip4 = rmt_ip;
651 args.lcl.fp_len = 24;
652 args.rmt.fp_len = 24;
655 args.action_index = action_index++;
656 error = session_rules_table_add_del (srt, &args);
657 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 * 5.6.7.8/24 * action %d",
660 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
661 SESSION_TEST ((res == 7),
662 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should"
663 " be 7 (lpm dst): %d", res);
665 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
666 lcl_port + 1, rmt_port);
667 SESSION_TEST ((res == 7),
668 "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 7: %d",
672 * Del 1.2.3.4/24 * 5.6.7.8/24 *
673 * Add 1.2.3.4/16 * 5.6.7.8/16 * and 1.2.3.4/24 1235 5.6.7.8/24 4321
674 * Lookup 1.2.3.4 1234 5.6.7.8 4321, 1.2.3.4 1235 5.6.7.8 4321 and
675 * 1.2.3.4 1235 5.6.7.8 4322
678 error = session_rules_table_add_del (srt, &args);
679 SESSION_TEST ((error == 0), "Del 1.2.3.4/24 * 5.6.7.8/24 *");
681 args.lcl.fp_addr.ip4 = lcl_ip;
682 args.rmt.fp_addr.ip4 = rmt_ip;
683 args.lcl.fp_len = 16;
684 args.rmt.fp_len = 16;
687 args.action_index = action_index++;
689 error = session_rules_table_add_del (srt, &args);
690 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 * action %d",
693 args.lcl.fp_addr.ip4 = lcl_ip;
694 args.rmt.fp_addr.ip4 = rmt_ip;
695 args.lcl.fp_len = 24;
696 args.rmt.fp_len = 24;
697 args.lcl_port = lcl_port + 1;
698 args.rmt_port = rmt_port;
699 args.action_index = action_index++;
701 error = session_rules_table_add_del (srt, &args);
702 SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1235 5.6.7.8/24 4321 action %d",
706 session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4);
709 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
710 SESSION_TEST ((res == 3),
711 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
714 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
715 lcl_port + 1, rmt_port);
716 SESSION_TEST ((res == 9),
717 "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 9: %d",
720 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip,
721 lcl_port + 1, rmt_port + 1);
722 SESSION_TEST ((res == 8),
723 "Lookup 1.2.3.4 1235 5.6.7.8 4322, action should " "be 8: %d",
727 * Delete 1.2.0.0/16 1234 5.6.0.0/16 4321 and 1.2.0.0/16 * 5.6.0.0/16 *
728 * Lookup 1.2.3.4 1234 5.6.7.8 4321
730 args.lcl_port = 1234;
731 args.rmt_port = 4321;
732 args.lcl.fp_len = 16;
733 args.rmt.fp_len = 16;
735 error = session_rules_table_add_del (srt, &args);
736 SESSION_TEST ((error == 0), "Del 1.2.0.0/16 1234 5.6.0.0/16 4321");
738 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
739 SESSION_TEST ((res == 3),
740 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
746 error = session_rules_table_add_del (srt, &args);
747 SESSION_TEST ((error == 0), "Del 1.2.0.0/16 * 5.6.0.0/16 *");
749 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
750 SESSION_TEST ((res == 3),
751 "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
755 * Delete 1.2.3.4/24 1234 5.6.7.5/24
757 args.lcl.fp_addr.ip4 = lcl_ip;
758 args.rmt.fp_addr.ip4 = rmt_ip;
759 args.lcl.fp_len = 24;
760 args.rmt.fp_len = 24;
761 args.lcl_port = 1234;
762 args.rmt_port = 4321;
764 error = session_rules_table_add_del (srt, &args);
765 SESSION_TEST ((error == 0), "Del 1.2.3.4/24 1234 5.6.7.5/24");
767 session_rules_table_lookup4 (srt, &lcl_ip, &rmt_ip, lcl_port, rmt_port);
768 SESSION_TEST ((res == 2), "Action should be 2: %d", res);
774 session_test_rules (vlib_main_t * vm, unformat_input_t * input)
776 session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
777 u64 options[APP_OPTIONS_N_OPTIONS];
778 u16 lcl_port = 1234, rmt_port = 4321;
779 u32 server_index, server_index2, app_index;
780 u32 dummy_server_api_index = ~0;
781 transport_connection_t *tc;
782 u32 dummy_port = 1111;
783 clib_error_t *error = 0;
784 u8 segment_name[128], is_filtered = 0, *ns_id = format (0, "appns1");
785 stream_session_t *listener, *s;
786 app_namespace_t *default_ns = app_namespace_get_default ();
787 u32 local_ns_index = default_ns->local_table_index;
789 app_namespace_t *app_ns;
791 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
793 if (unformat (input, "verbose"))
797 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
803 server_sep.is_ip4 = 1;
804 server_sep.port = dummy_port;
805 memset (options, 0, sizeof (options));
807 vnet_app_attach_args_t attach_args = {
808 .api_client_index = ~0,
811 .session_cb_vft = &dummy_session_cbs,
812 .segment_name = segment_name,
815 vnet_bind_args_t bind_args = {
821 * Attach server with global and local default scope
823 options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_IS_BUILTIN;
824 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
825 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
826 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
827 attach_args.namespace_id = 0;
828 attach_args.api_client_index = dummy_server_api_index;
829 error = vnet_application_attach (&attach_args);
830 SESSION_TEST ((error == 0), "server attached");
831 server_index = attach_args.app_index;
833 bind_args.app_index = server_index;
834 error = vnet_bind (&bind_args);
835 SESSION_TEST ((error == 0), "server bound to %U/%d", format_ip46_address,
836 &server_sep.ip, 1, server_sep.port);
837 listener = listen_session_get_from_handle (bind_args.handle);
838 ip4_address_t lcl_ip = {
839 .as_u32 = clib_host_to_net_u32 (0x01020304),
841 ip4_address_t rmt_ip = {
842 .as_u32 = clib_host_to_net_u32 (0x05060708),
844 fib_prefix_t lcl_pref = {
845 .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
847 .fp_proto = FIB_PROTOCOL_IP4,
849 fib_prefix_t rmt_pref = {
850 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
852 .fp_proto = FIB_PROTOCOL_IP4,
855 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
856 &rmt_pref.fp_addr.ip4, lcl_port,
857 rmt_port, TRANSPORT_PROTO_TCP, 0,
859 SESSION_TEST ((tc == 0), "optimized lookup should not work (port)");
862 * Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action server_index
864 session_rule_add_del_args_t args = {
865 .table_args.lcl = lcl_pref,
866 .table_args.rmt = rmt_pref,
867 .table_args.lcl_port = lcl_port,
868 .table_args.rmt_port = rmt_port,
869 .table_args.action_index = server_index,
870 .table_args.is_add = 1,
873 error = vnet_session_rule_add_del (&args);
874 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
875 args.table_args.action_index);
877 tc = session_lookup_connection4 (0, &lcl_pref.fp_addr.ip4,
878 &rmt_pref.fp_addr.ip4, lcl_port, rmt_port,
879 TRANSPORT_PROTO_TCP);
880 SESSION_TEST ((tc->c_index == listener->connection_index),
881 "optimized lookup should return the listener");
882 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
883 &rmt_pref.fp_addr.ip4, lcl_port,
884 rmt_port, TRANSPORT_PROTO_TCP, 0,
886 SESSION_TEST ((tc->c_index == listener->connection_index),
887 "lookup should return the listener");
888 s = session_lookup_safe4 (0, &lcl_pref.fp_addr.ip4, &rmt_pref.fp_addr.ip4,
889 lcl_port, rmt_port, TRANSPORT_PROTO_TCP);
890 SESSION_TEST ((s->connection_index == listener->connection_index),
891 "safe lookup should return the listener");
892 session_endpoint_t sep = {
893 .ip = rmt_pref.fp_addr,
896 .transport_proto = TRANSPORT_PROTO_TCP,
898 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
899 SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
900 "should not work (global scope)");
902 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
903 &rmt_pref.fp_addr.ip4, lcl_port + 1,
904 rmt_port, TRANSPORT_PROTO_TCP, 0,
906 SESSION_TEST ((tc == 0),
907 "optimized lookup for wrong lcl port + 1 should not work");
910 * Add 1.2.3.4/16 * 5.6.7.8/16 4321
912 args.table_args.lcl_port = 0;
913 args.scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
914 error = vnet_session_rule_add_del (&args);
915 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 4321 action %d",
916 args.table_args.action_index);
917 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
918 &rmt_pref.fp_addr.ip4, lcl_port + 1,
919 rmt_port, TRANSPORT_PROTO_TCP, 0,
921 SESSION_TEST ((tc->c_index == listener->connection_index),
922 "optimized lookup for lcl port + 1 should work");
923 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
924 SESSION_TEST ((app_index == server_index), "local session endpoint lookup "
925 "should work (lcl ip was zeroed)");
928 * Add deny rule 1.2.3.4/32 1234 5.6.7.8/32 4321 action -2 (drop)
930 args.table_args.lcl_port = 1234;
931 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
932 args.table_args.lcl.fp_len = 30;
933 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
934 args.table_args.rmt.fp_len = 30;
935 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_DROP;
936 error = vnet_session_rule_add_del (&args);
937 SESSION_TEST ((error == 0), "Add 1.2.3.4/30 1234 5.6.7.8/30 4321 action %d",
938 args.table_args.action_index);
942 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
943 TRANSPORT_PROTO_TCP);
944 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
945 TRANSPORT_PROTO_TCP);
948 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
949 &rmt_pref.fp_addr.ip4, lcl_port,
950 rmt_port, TRANSPORT_PROTO_TCP, 0,
952 SESSION_TEST ((tc == 0), "lookup for 1.2.3.4/32 1234 5.6.7.8/16 4321 "
953 "should fail (deny rule)");
954 SESSION_TEST ((is_filtered == 1), "lookup should be filtered (deny)");
956 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
957 SESSION_TEST ((app_index == APP_DROP_INDEX), "lookup for 1.2.3.4/32 1234 "
958 "5.6.7.8/16 4321 in local table should return deny");
960 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
961 &rmt_pref.fp_addr.ip4, lcl_port + 1,
962 rmt_port, TRANSPORT_PROTO_TCP, 0,
964 SESSION_TEST ((tc->c_index == listener->connection_index),
965 "lookup 1.2.3.4/32 123*5* 5.6.7.8/16 4321 should work");
968 * "Mask" deny rule with more specific allow:
969 * Add allow rule 1.2.3.4/32 1234 5.6.7.8/32 4321 action -3 (allow)
971 args.table_args.is_add = 1;
972 args.table_args.lcl_port = 1234;
973 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
974 args.table_args.lcl.fp_len = 32;
975 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
976 args.table_args.rmt.fp_len = 32;
977 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_ALLOW;
978 error = vnet_session_rule_add_del (&args);
979 SESSION_TEST ((error == 0), "Add masking rule 1.2.3.4/30 1234 5.6.7.8/32 "
980 "4321 action %d", args.table_args.action_index);
983 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
984 &rmt_pref.fp_addr.ip4, lcl_port,
985 rmt_port, TRANSPORT_PROTO_TCP, 0,
987 SESSION_TEST ((tc == 0), "lookup for 1.2.3.4/32 1234 5.6.7.8/16 4321 "
988 "should fail (allow without app)");
989 SESSION_TEST ((is_filtered == 0), "lookup should NOT be filtered");
991 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
992 SESSION_TEST ((app_index == APP_INVALID_INDEX), "lookup for 1.2.3.4/32 1234"
993 " 5.6.7.8/32 4321 in local table should return invalid");
997 vlib_cli_output (vm, "Local rules");
998 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
999 TRANSPORT_PROTO_TCP);
1002 sep.ip.ip4.as_u32 += 1 << 24;
1003 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
1004 SESSION_TEST ((app_index == APP_DROP_INDEX), "lookup for 1.2.3.4/32 1234"
1005 " 5.6.7.9/32 4321 in local table should return deny");
1007 vnet_connect_args_t connect_args = {
1009 .app_index = attach_args.app_index,
1013 /* Try connecting */
1014 error = vnet_connect (&connect_args);
1015 SESSION_TEST ((error != 0), "connect should fail");
1016 rv = clib_error_get_code (error);
1017 SESSION_TEST ((rv == VNET_API_ERROR_APP_CONNECT_FILTERED),
1018 "connect should be filtered");
1020 sep.ip.ip4.as_u32 -= 1 << 24;
1025 * Delete masking rule: 1.2.3.4/32 1234 5.6.7.8/32 4321 allow
1027 args.table_args.is_add = 0;
1028 args.table_args.lcl_port = 1234;
1029 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1030 args.table_args.lcl.fp_len = 32;
1031 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1032 args.table_args.rmt.fp_len = 32;
1033 error = vnet_session_rule_add_del (&args);
1034 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 allow");
1038 * Add local scope rule for 0/0 * 5.6.7.8/16 4321 action server_index
1040 args.table_args.is_add = 1;
1041 args.table_args.lcl_port = 0;
1042 args.table_args.lcl.fp_len = 0;
1043 args.table_args.rmt.fp_len = 16;
1044 args.table_args.action_index = -1;
1045 error = vnet_session_rule_add_del (&args);
1046 SESSION_TEST ((error == 0), "Add * * 5.6.7.8/16 4321 action %d",
1047 args.table_args.action_index);
1051 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1052 TRANSPORT_PROTO_TCP);
1053 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1054 TRANSPORT_PROTO_TCP);
1057 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
1058 SESSION_TEST ((app_index == APP_DROP_INDEX),
1059 "local session endpoint lookup should return deny");
1062 * Delete 1.2.3.4/32 1234 5.6.7.8/32 4321 deny
1064 args.table_args.is_add = 0;
1065 args.table_args.lcl_port = 1234;
1066 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1067 args.table_args.lcl.fp_len = 30;
1068 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1069 args.table_args.rmt.fp_len = 30;
1070 error = vnet_session_rule_add_del (&args);
1071 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 deny");
1073 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
1074 SESSION_TEST ((app_index == APP_INVALID_INDEX),
1075 "local session endpoint lookup should return invalid");
1078 * Delete 0/0 * 5.6.7.8/16 4321, 1.2.3.4/16 * 5.6.7.8/16 4321 and
1079 * 1.2.3.4/16 1234 5.6.7.8/16 4321
1081 args.table_args.is_add = 0;
1082 args.table_args.lcl_port = 0;
1083 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1084 args.table_args.lcl.fp_len = 0;
1085 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1086 args.table_args.rmt.fp_len = 16;
1087 args.table_args.rmt_port = 4321;
1088 error = vnet_session_rule_add_del (&args);
1089 SESSION_TEST ((error == 0), "Del 0/0 * 5.6.7.8/16 4321");
1090 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
1091 SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
1092 "should not work (removed)");
1094 args.table_args.is_add = 0;
1095 args.table_args.lcl = lcl_pref;
1097 args.table_args.is_add = 0;
1098 args.table_args.lcl_port = 0;
1099 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1100 args.table_args.lcl.fp_len = 16;
1101 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1102 args.table_args.rmt.fp_len = 16;
1103 args.table_args.rmt_port = 4321;
1104 error = vnet_session_rule_add_del (&args);
1105 SESSION_TEST ((error == 0), "Del 1.2.3.4/16 * 5.6.7.8/16 4321");
1106 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1107 &rmt_pref.fp_addr.ip4, lcl_port + 1,
1108 rmt_port, TRANSPORT_PROTO_TCP, 0,
1110 SESSION_TEST ((tc == 0),
1111 "lookup 1.2.3.4/32 123*5* 5.6.7.8/16 4321 should not "
1114 args.table_args.is_add = 0;
1115 args.table_args.lcl_port = 1234;
1116 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1117 args.table_args.lcl.fp_len = 16;
1118 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1119 args.table_args.rmt.fp_len = 16;
1120 args.table_args.rmt_port = 4321;
1121 error = vnet_session_rule_add_del (&args);
1122 SESSION_TEST ((error == 0), "Del 1.2.3.4/16 1234 5.6.7.8/16 4321");
1123 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1124 &rmt_pref.fp_addr.ip4, lcl_port,
1125 rmt_port, TRANSPORT_PROTO_TCP, 0,
1127 SESSION_TEST ((tc == 0), "lookup 1.2.3.4/32 1234 5.6.7.8/16 4321 should "
1128 "not work (del + deny)");
1130 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 deny");
1131 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1132 &rmt_pref.fp_addr.ip4, lcl_port,
1133 rmt_port, TRANSPORT_PROTO_TCP, 0,
1135 SESSION_TEST ((tc == 0), "lookup 1.2.3.4/32 1234 5.6.7.8/16 4321 should"
1136 " not work (no-rule)");
1139 * Test tags. Add/overwrite/del rule with tag
1141 args.table_args.is_add = 1;
1142 args.table_args.lcl_port = 1234;
1143 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1144 args.table_args.lcl.fp_len = 16;
1145 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1146 args.table_args.rmt.fp_len = 16;
1147 args.table_args.rmt_port = 4321;
1148 args.table_args.tag = format (0, "test_rule");
1149 args.table_args.action_index = server_index;
1150 error = vnet_session_rule_add_del (&args);
1151 SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 deny "
1155 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1156 TRANSPORT_PROTO_TCP);
1157 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1158 TRANSPORT_PROTO_TCP);
1160 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1161 &rmt_pref.fp_addr.ip4, lcl_port,
1162 rmt_port, TRANSPORT_PROTO_TCP, 0,
1164 SESSION_TEST ((tc->c_index == listener->connection_index),
1165 "lookup 1.2.3.4/32 1234 5.6.7.8/16 4321 should work");
1167 vec_free (args.table_args.tag);
1168 args.table_args.lcl_port = 1234;
1169 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1170 args.table_args.lcl.fp_len = 16;
1171 args.table_args.tag = format (0, "test_rule_overwrite");
1172 error = vnet_session_rule_add_del (&args);
1173 SESSION_TEST ((error == 0),
1174 "Overwrite 1.2.3.4/16 1234 5.6.7.8/16 4321 deny tag test_rule"
1178 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1179 TRANSPORT_PROTO_TCP);
1180 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1181 TRANSPORT_PROTO_TCP);
1184 args.table_args.is_add = 0;
1185 args.table_args.lcl_port += 1;
1186 error = vnet_session_rule_add_del (&args);
1187 SESSION_TEST ((error == 0), "Del 1.2.3.4/32 1234 5.6.7.8/32 4321 deny "
1188 "tag %v", args.table_args.tag);
1191 session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
1192 TRANSPORT_PROTO_TCP);
1193 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1194 TRANSPORT_PROTO_TCP);
1196 tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
1197 &rmt_pref.fp_addr.ip4, lcl_port,
1198 rmt_port, TRANSPORT_PROTO_TCP, 0,
1200 SESSION_TEST ((tc == 0), "lookup 1.2.3.4/32 1234 5.6.7.8/32 4321 should not"
1205 * Test local rules with multiple namespaces
1209 * Add deny rule 1.2.3.4/32 1234 5.6.7.8/32 0 action -2 (drop)
1211 args.table_args.is_add = 1;
1212 args.table_args.lcl_port = 1234;
1213 args.table_args.rmt_port = 0;
1214 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1215 args.table_args.lcl.fp_len = 32;
1216 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1217 args.table_args.rmt.fp_len = 32;
1218 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_DROP;
1219 args.table_args.tag = 0;
1220 args.scope = SESSION_RULE_SCOPE_LOCAL;
1221 error = vnet_session_rule_add_del (&args);
1222 SESSION_TEST ((error == 0), "Add 1.2.3.4/32 1234 5.6.7.8/32 4321 action %d",
1223 args.table_args.action_index);
1225 * Add 'white' rule 1.2.3.4/32 1234 5.6.7.8/32 4321 action -2 (drop)
1227 args.table_args.is_add = 1;
1228 args.table_args.lcl_port = 1234;
1229 args.table_args.rmt_port = 4321;
1230 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1231 args.table_args.lcl.fp_len = 32;
1232 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1233 args.table_args.rmt.fp_len = 32;
1234 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_ALLOW;
1235 error = vnet_session_rule_add_del (&args);
1239 session_lookup_dump_local_rules_table (local_ns_index, FIB_PROTOCOL_IP4,
1240 TRANSPORT_PROTO_TCP);
1243 vnet_app_namespace_add_del_args_t ns_args = {
1246 .sw_if_index = APP_NAMESPACE_INVALID_INDEX,
1249 error = vnet_app_namespace_add_del (&ns_args);
1250 SESSION_TEST ((error == 0), "app ns insertion should succeed: %d",
1251 clib_error_get_code (error));
1252 app_ns = app_namespace_get_from_id (ns_id);
1254 attach_args.namespace_id = ns_id;
1255 attach_args.api_client_index = dummy_server_api_index - 1;
1256 error = vnet_application_attach (&attach_args);
1257 SESSION_TEST ((error == 0), "server2 attached");
1258 server_index2 = attach_args.app_index;
1261 * Add deny rule 1.2.3.4/32 1234 5.6.7.8/32 0 action -2 (drop)
1263 args.table_args.lcl_port = 1234;
1264 args.table_args.rmt_port = 0;
1265 args.table_args.lcl.fp_addr.ip4 = lcl_ip;
1266 args.table_args.lcl.fp_len = 32;
1267 args.table_args.rmt.fp_addr.ip4 = rmt_ip;
1268 args.table_args.rmt.fp_len = 32;
1269 args.table_args.action_index = SESSION_RULES_TABLE_ACTION_DROP;
1270 args.appns_index = app_namespace_index (app_ns);
1272 error = vnet_session_rule_add_del (&args);
1273 SESSION_TEST ((error == 0), "Add 1.2.3.4/32 1234 5.6.7.8/32 4321 action %d "
1274 "in test namespace", args.table_args.action_index);
1276 * Lookup default namespace
1278 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
1279 SESSION_TEST ((app_index == APP_INVALID_INDEX),
1280 "lookup for 1.2.3.4/32 1234 5.6.7.8/32 4321 in local table "
1281 "should return allow (invalid)");
1284 app_index = session_lookup_local_endpoint (local_ns_index, &sep);
1285 SESSION_TEST ((app_index == APP_DROP_INDEX), "lookup for 1.2.3.4/32 1234 "
1286 "5.6.7.8/16 432*2* in local table should return deny");
1288 connect_args.app_index = server_index;
1289 connect_args.sep = sep;
1290 error = vnet_connect (&connect_args);
1291 SESSION_TEST ((error != 0), "connect should fail");
1292 rv = clib_error_get_code (error);
1293 SESSION_TEST ((rv == VNET_API_ERROR_APP_CONNECT_FILTERED),
1294 "connect should be filtered");
1297 * Lookup test namespace
1299 app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
1300 SESSION_TEST ((app_index == APP_DROP_INDEX), "lookup for 1.2.3.4/32 1234 "
1301 "5.6.7.8/16 4321 in local table should return deny");
1303 connect_args.app_index = server_index;
1304 error = vnet_connect (&connect_args);
1305 SESSION_TEST ((error != 0), "connect should fail");
1306 rv = clib_error_get_code (error);
1307 SESSION_TEST ((rv == VNET_API_ERROR_APP_CONNECT_FILTERED),
1308 "connect should be filtered");
1310 args.table_args.is_add = 0;
1311 vnet_session_rule_add_del (&args);
1313 args.appns_index = 0;
1314 args.table_args.is_add = 0;
1315 vnet_session_rule_add_del (&args);
1317 args.table_args.rmt_port = 4321;
1318 vnet_session_rule_add_del (&args);
1322 vec_free (args.table_args.tag);
1323 vnet_app_detach_args_t detach_args = {
1324 .app_index = server_index,
1326 vnet_application_detach (&detach_args);
1328 detach_args.app_index = server_index2;
1329 vnet_application_detach (&detach_args);
1336 session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
1338 u64 options[APP_OPTIONS_N_OPTIONS];
1339 char *show_listeners = "sh session listeners tcp verbose";
1340 char *show_local_listeners = "sh app ns table default";
1341 unformat_input_t tmp_input;
1342 u32 server_index, app_index;
1343 u32 dummy_server_api_index = ~0, sw_if_index = 0;
1344 clib_error_t *error = 0;
1345 u8 segment_name[128], intf_mac[6], sst, is_filtered = 0;
1346 stream_session_t *s;
1347 transport_connection_t *tc;
1348 u16 lcl_port = 1234, rmt_port = 4321;
1349 app_namespace_t *app_ns;
1352 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1354 if (unformat (input, "verbose"))
1358 vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
1364 ip4_address_t lcl_ip = {
1365 .as_u32 = clib_host_to_net_u32 (0x01020304),
1367 ip4_address_t rmt_ip = {
1368 .as_u32 = clib_host_to_net_u32 (0x05060708),
1370 fib_prefix_t rmt_pref = {
1371 .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
1373 .fp_proto = FIB_PROTOCOL_IP4,
1375 session_endpoint_t sep = {
1376 .ip = rmt_pref.fp_addr,
1379 .transport_proto = TRANSPORT_PROTO_TCP,
1383 * Create loopback interface
1385 memset (intf_mac, 0, sizeof (intf_mac));
1386 if (vnet_create_loopback_interface (&sw_if_index, intf_mac, 0, 0))
1388 clib_warning ("couldn't create loopback. stopping the test!");
1391 vnet_sw_interface_set_flags (vnet_get_main (), sw_if_index,
1392 VNET_SW_INTERFACE_FLAG_ADMIN_UP);
1393 ip4_add_del_interface_address (vlib_get_main (), sw_if_index, &lcl_ip,
1396 app_ns = app_namespace_get_default ();
1397 app_ns->sw_if_index = sw_if_index;
1399 memset (options, 0, sizeof (options));
1400 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
1401 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_IS_PROXY;
1402 options[APP_OPTIONS_PROXY_TRANSPORT] = 1 << TRANSPORT_PROTO_TCP;
1403 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
1404 options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
1405 vnet_app_attach_args_t attach_args = {
1406 .api_client_index = ~0,
1409 .session_cb_vft = &dummy_session_cbs,
1410 .segment_name = segment_name,
1413 attach_args.api_client_index = dummy_server_api_index;
1414 error = vnet_application_attach (&attach_args);
1415 SESSION_TEST ((error == 0), "server attachment should work");
1416 server_index = attach_args.app_index;
1420 unformat_init_string (&tmp_input, show_listeners,
1421 strlen (show_listeners));
1422 vlib_cli_input (vm, &tmp_input, 0, 0);
1423 unformat_init_string (&tmp_input, show_local_listeners,
1424 strlen (show_local_listeners));
1425 vlib_cli_input (vm, &tmp_input, 0, 0);
1428 tc = session_lookup_connection_wt4 (0, &lcl_ip, &rmt_ip, lcl_port, rmt_port,
1429 TRANSPORT_PROTO_TCP, 0, &is_filtered);
1430 SESSION_TEST ((tc != 0), "lookup 1.2.3.4 1234 5.6.7.8 4321 should be "
1432 sst = session_type_from_proto_and_ip (TRANSPORT_PROTO_TCP, 1);
1433 s = listen_session_get (sst, tc->s_index);
1434 SESSION_TEST ((s->app_index == server_index), "lookup should return the"
1437 tc = session_lookup_connection_wt4 (0, &rmt_ip, &rmt_ip, lcl_port, rmt_port,
1438 TRANSPORT_PROTO_TCP, 0, &is_filtered);
1439 SESSION_TEST ((tc == 0), "lookup 5.6.7.8 1234 5.6.7.8 4321 should"
1442 app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
1443 SESSION_TEST ((app_index == server_index), "local session endpoint lookup"
1446 vnet_app_detach_args_t detach_args = {
1447 .app_index = server_index,
1449 vnet_application_detach (&detach_args);
1453 unformat_init_string (&tmp_input, show_listeners,
1454 strlen (show_listeners));
1455 vlib_cli_input (vm, &tmp_input, 0, 0);
1456 unformat_init_string (&tmp_input, show_local_listeners,
1457 strlen (show_local_listeners));
1458 vlib_cli_input (vm, &tmp_input, 0, 0);
1461 app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
1462 SESSION_TEST ((app_index == SESSION_RULES_TABLE_INVALID_INDEX),
1463 "local session endpoint lookup should not work after detach");
1465 unformat_free (&tmp_input);
1469 static clib_error_t *
1470 session_test (vlib_main_t * vm,
1471 unformat_input_t * input, vlib_cli_command_t * cmd_arg)
1475 vnet_session_enable_disable (vm, 1);
1477 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1479 if (unformat (input, "basic"))
1480 res = session_test_basic (vm, input);
1481 else if (unformat (input, "namespace"))
1482 res = session_test_namespace (vm, input);
1483 else if (unformat (input, "rules-table"))
1484 res = session_test_rule_table (vm, input);
1485 else if (unformat (input, "rules"))
1486 res = session_test_rules (vm, input);
1487 else if (unformat (input, "proxy"))
1488 res = session_test_proxy (vm, input);
1489 else if (unformat (input, "all"))
1491 if ((res = session_test_basic (vm, input)))
1493 if ((res = session_test_namespace (vm, input)))
1495 if ((res = session_test_rule_table (vm, input)))
1497 if ((res = session_test_rules (vm, input)))
1499 if ((res = session_test_proxy (vm, input)))
1508 return clib_error_return (0, "Session unit test failed");
1513 VLIB_CLI_COMMAND (tcp_test_command, static) =
1515 .path = "test session",
1516 .short_help = "internal session unit tests",
1517 .function = session_test,
1522 * fd.io coding-style-patch-verification: ON
1525 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob